[openssl.org #46] buffer overflow in apps/ca.c apps/req.c 0.9.7 snap 20020516

2002-05-27 Thread Stephen Henson via RT
Should be fixed now. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

[openssl.org #78] Memleak in libcrypto

2002-06-13 Thread Stephen Henson via RT
[levitte - Wed Jun 5 15:31:44 2002]: A little more analysis seems to indicate that X509_EXTENSION isn't properly coded, since freeing it requires a dive into the OCTET_STRING (or whatever that translates to) and free whatever that's pointing to. The code in question is

[openssl.org #91] extdat.h

2002-06-13 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Jun 10 12:25:27 2002]: It seems that in the latest snapshots in crypto/x509v3/ext_dat.h, the table standard_exts is not sorted correctly. crl_hold should be after sinfo. v3_crl_hold : #define NID_hold_instruction_code 430 v3_sinfo :

[openssl.org #84] small problem with openssl 0.9.7.b1 and the ocsp function

2002-06-13 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jun 6 08:59:53 2002]: The doc says : Create an OCSP request and write it to a file: openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der In my test, I try to do exactly that with : openssl ocsp -issuer ocsp_ca.pem -cert

[openssl.org #151] S/MIME implemementation doesn't follow MIME spec. Patch included.

2002-07-25 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jul 18 22:15:39 2002]: In message [EMAIL PROTECTED] on Thu, 18 Jul 2002 21:07:10 +0100, Ben Laurie [EMAIL PROTECTED] said: ben The issue as reported to me was that the body had CRLF, but headers LF ben only... ben ben Seems to me they should be consistent. I

[openssl.org #236] a bug in OBJ_txt2obj function?

2002-08-21 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Aug 21 22:14:01 2002]: Dear OpenSSL Team, Our company is the market leader on X509 certificate issuance in Hungary. For some functions we use OpenSSL products and we have found a problem in the recently issued OpenSSL versions that we would like to share.

[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-08-21 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Aug 21 22:21:34 2002]: The following patch provides basic support for Subject Directory Attributes, which are defined in the x509 spec (RFC 2459), but are currently unsupported by OpenSSL. In this patch, Subject Directory Attributes are parsed like Authority

[openssl.org #246] Patch for ASN1_STRING_to_UTF8()

2002-08-30 Thread Stephen Henson via RT

[openssl.org #251] PKCS12 memory leak?

2002-08-30 Thread Stephen Henson via RT
followup in openssl-users suggested the cause was calling: sk_X509_free(Ca); instead of sk_X509_pop_free(Ca, X509_free);

[openssl.org #248] bad serial number length

2002-08-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Aug 26 10:33:29 2002]: I found the solution: I just commented out the lines 675-676 in apps/ca.c - now everything works as expected. Since this just disables the check it isn't a good idea. The error message suggested that index.txt has somehow had an invalid

[openssl.org #67] openssl req -nameopts fails

2002-08-30 Thread Stephen Henson via RT
[jaenicke - Fri Aug 23 09:46:13 2002]: On Fri, Aug 23, 2002 at 01:48:48AM +0200, Stephen Henson via RT wrote: I've applied most of this patch to OpenSSL 0.9.8-dev. Would you think it would make sense to also apply it to the 0.9.7 tree? Since no one had raised any objections, I've

[openssl.org #136] [Fwd: Bug#151197: openssl: verify should fail when verification fails]

2002-08-30 Thread Stephen Henson via RT
I agree that this should be done but there are quite a few cases to cover. The exit code could be modified to represent the actual verify error. This is possible because code 1 is used for other errors and is not a valid verify failure reason. However there's also the issue of what should

[openssl.org #283] Documentation for d2i_RSAPrivateKey etc (1/1)

2002-10-06 Thread Stephen Henson via RT
I've written some docs for the d2i/i2d functions which I've just committed, this covers d2i_RSAPrivateKey and friends too.

[openssl.org #331] openssl-0.9.7beta3, ocsp_asn.c

2002-11-08 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Nov 7 07:46:48 2002]: I think that ASN1_IMP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) is wrong. I think that ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) is right. Please check it. Yes you are correct, I've checked in fixes. Thank you for the

[openssl.org #136] [Fwd: Bug#151197: openssl: verify should fail when verification fails]

2002-11-14 Thread Stephen Henson via RT
[levitte - Thu Nov 14 15:13:32 2002]: I would also suggest this not get changed in the 0.9.6 branch. I'm even dubious about changing it in the 0.9.7 branch. The reason is that such a change breaks the current test scripts, and then I can only guess what other people's scripts will do.

[openssl.org #237] [PATCH] Support for Subject Directory Attributes

2002-11-14 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Sep 5 09:23:59 2002]: This patch is a replacement for RT/openssl.org: Ticket #237. Please retract Ticket #237. The following patch provides basic support for Subject Directory Attributes, which are defined in the x509 spec (RFC 2459), but are currently

[openssl.org #344] Re: Patch for Win2000 Smartcardlogin

2002-11-15 Thread Stephen Henson via RT

Re: [openssl.org #20] patch for asn1_d2i_read_bio() to detect truncated data

2002-12-03 Thread Stephen Henson via RT
On Tue, Dec 03, 2002, Vaclav Ovsik via RT wrote: Tue Dec 3 13:56:10 2002: Request 20 was acted upon. Transaction: Correspondence added by [EMAIL PROTECTED] Queue: OpenSSL-Bugs Subject: [openssl.org #20] patch for asn1_d2i_read_bio() to detect truncated data Owner:

[openssl.org #369] BUG: X509v3_get_ext_by_critical() ignores second parameter

2002-12-03 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Nov 28 17:03:21 2002]: This bug is present in both 0.9.7 and 0.9.8 branches. Function X509v3_get_ext_by_critical() implemented in crypto/x509/x509_v3.c returns only critical extensions regardless of the value of the second parameter crit. The problem is in

[openssl.org #20] detecting truncated ASN messages

2002-12-03 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Tue Dec 3 13:56:10 2002]: Hello, my colleague Jan Hofmann experimented with new ASN.1 code from openssl-0.9.7-beta4. He achieved buggy behavior when parsing incomplete (truncated) DER data under specific conditions. Openssl does not detect any error while parsing

[openssl.org #368] BUG REPORT: Problem with ASN1 NULL type in ASN1_TYPE structure.

2002-12-03 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Nov 28 16:47:51 2002]: This bug seems to be present in both 0.9.7 and 0.9.8 branches. ASN1 NULL type is stored in ASN1_TYPE structure usually in such a way that value.ptr is NULL pointer (except when ASN1_TYPE_set() was used). But this breaks ASN1_TYPE_get()

[openssl.org #425] Build error on Windows NT4?

2002-12-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Tue Dec 31 13:20:55 2002]: Hi! I took 0.9.7 from OpenSSL.org and tried compiling it on Windows NT4 sp6a with Visual Studio command line tools. I followed the instructions of install.w32 but got the following error with ms\do_nasm: SNIP cl

[openssl.org #430] segementation fault with openssl 0.9.7

2003-01-08 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 1 15:40:21 2003]: Hi, I have trouble running the following command with openssl version 0.9.7 openssl ca -policy policy_anything -out newcert.pem \ -passin pass:whatever -key whatever -extensions xpserver_ext \ -extfile xpextensions -infiles newreq.pem It

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-08 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 8 22:09:03 2003]: html body Please don't post using HTML... Version 0.9.7 release version from Dec 31, 2002 Compiled using MSVC6 sp6 with Masm Where is SP6 for MSVC6? I can only see SP5 on MS site... OS: Windows XP Homebrbr When PEM_read_X509 is called in

[openssl.org #430] segementation fault with openssl 0.9.7

2003-01-09 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 9 11:26:42 2003]: If for any help. WorkShop dbx implements so called run-time check which catches things like references to uninitialized and unallocated memory. Not foolproof, but it might help. Here is what it says: I am unable to access the

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-09 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 9 08:17:07 2003]: At 02:14 AM 1/9/2003 +0100, you wrote: [[EMAIL PROTECTED] - Wed Jan 8 22:09:03 2003]: Assuming that isn't the case I've also just been tracing the cause of a problem with VC++ SP4 with the processor pack. It was giving incorrect

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-09 Thread Stephen Henson via RT
I've managed to download SP5 and the processor add on pack. With VC++ 6.0 and SP5 only it passes all tests. With VC++ 6.0, SP5 and processor add on it misbehaves and things like AES give invalid results. After playing around with various options it seems that disabling global optimization with

[openssl.org #449] [Fwd: Bug#176059: openssl: ca shows CSR contents, not preview of certificate]

2003-01-10 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 10 15:10:09 2003]: Ugh, can't quote the original message... This refers to OpenSSL 0.9.6X which does indeed only show the DN of the CSR (or pseudo CSR in the case of SPKACs) including the old mishandling of multibyte string types. That's one reason why I didn't

[openssl.org #433] 0.9.7 compilation problem with Borland C++ 5.5

2003-01-13 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 10 21:48:32 2003]: I tried 0.9.7 before successfully compiling 0.9.6h. As Doug Kaufman suggested for some reason asn1t.h doesn't get included. I had to manually edit a dozen source files. I also have Cygwin in c:\cygwin, but my PATH shows:

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-13 Thread Stephen Henson via RT
[steve - Fri Jan 10 01:33:03 2003]: I've managed to download SP5 and the processor add on pack. With VC++ 6.0 and SP5 only it passes all tests. With VC++ 6.0, SP5 and processor add on it misbehaves and things like AES give invalid results. After playing around with various options it

[openssl.org #433] 0.9.7 compilation problem with Borland C++ 5.5

2003-01-14 Thread Stephen Henson via RT
I've analysed this further and the cause seems to be that bcc 5.5 complains about taking the address of a structure that doesn't have a complete definition. For example the following won't compile: typedef struct FOO_st FOO; extern FOO bar; FOO *pbar; pbar = &bar; but it has no problems on

[openssl.org #433] 0.9.7 compilation problem with Borland C++ 5.5

2003-01-14 Thread Stephen Henson via RT
OK, since the consensus seems to be a compiler bug and a workaround has been checked in I'll resolve this ticket.

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-15 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 15 07:08:15 2003]: That would certainly seem like a good first step. Have you traced into it at all? I.e. have you run with debug setup and seen a stack trace s.t. you know the function that is crashing and what variable is bad (a null pointer or something)?

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-15 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 15 18:02:51 2003]: If you just can't figure out Just to clarify. The posted patch is not so to say try-your-luck thing, it *does* get me through the ms\test. aol me too /aol The PEM crash mentioned by the OP though I'm not sure how to reproduce: It is

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-16 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 16 18:39:44 2003]: what did you do to get tunala to compile under Win32? Oh, that. I have been meaning to send Geoff the diff so it could get merged into the code base. I'll get to it some day. I had to wrap up sockets a little and make a few mods in

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-17 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 17 18:58:35 2003]: Oh. That could account for the problem if OpenSSL is using the release build of the multi-threaded DLL's and my build of tunala is using the debug ones. I assume that was on the release build that you changed it, right? If on the debug

[openssl.org #471] compiling openssl on windows

2003-01-21 Thread Stephen Henson via RT
[guest - Tue Jan 21 21:55:40 2003]: I'm trying to compile open ssl with mingw32 on win2kpro sp2. I downloaded ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe. I extracted all files to c:\gcc-2.95.2. I added c:\gcc-2.95.2 to my system path.

[openssl.org #472] Exception when running openssl req command after Jan 18th

2003-01-22 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 22 09:20:19 2003]: I have tried this with both 0.9.7-beta 3 and the official 0.9.7 release. Under windows, running the openssl req command causes an exception in libeay32.dll. I found this on a machine that had been working perfectly and then suddenly

[openssl.org #472] Exception when running openssl req command after Jan 18th

2003-01-23 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 23 15:33:56 2003]: Stephen, Thanks for the reply. We were kind of hit over the head with this, as it had been working fine for quite a while with no problems and suddenly blew up on us. Both the openssl application and the 2 dll's are the official 0.9.7

[openssl.org #444] Win32 crash in PEM_read_X509

2003-01-23 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Sun Jan 19 08:28:56 2003]: Did you build a debug version of OpenSSL to link against for the debug build? This isn't handled automatically and you need to change it so it picks up and uses the debug libraries. Nope. that would explain it. criss-crossing MS

[openssl.org #472] Exception when running openssl req command after Jan 18th

2003-01-23 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 23 20:34:01 2003]: Sorry, SP5 not SP6. I figured it had to do with a time value overflowing a variable size. I'll crank down the days value temporarily to workaround it. I've committed a fix now.

[openssl.org #469] [PATCH] EVP_SealInit documentation incorrect

2003-01-26 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Tue Jan 21 08:38:53 2003]: Either implementation or documentation of the EVP_SealInit function is incorrect as the iv Parameter is an output parameter not an input parameter of the function. Documentation fixed, thanks for the report. Steve.

[openssl.org #475] [Fwd: patch to 0.9.7 -performacne]

2003-01-26 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 23 20:54:43 2003]: Maybe openssl-bugs is the right forum? This really isn't a bug, but a performance improvement. Seems like a worthwhile patch. Are you in the US BTW? If so have you CC'ed the patch to the relevant export authorities? Steve.

[openssl.org #408] Segmentation Fault (openssl-0.9.7-beta6)

2003-01-28 Thread Stephen Henson via RT
[guest - Tue Jan 28 14:07:57 2003]: Sorry, just noticed the problem has been discussed here already. I'm having exactly the same problem with 0.9.7/Win32 and I found several other notes about that on the web. Problem seems to be somewhere in free(void * 0x5000) line 956 + 11 bytes

[openssl.org #408] Segmentation Fault (openssl-0.9.7-beta6)

2003-01-29 Thread Stephen Henson via RT
[guest - Tue Jan 28 16:53:17 2003]: Just got openssl-0.9.7-stable-SNAP-20030127.tar.gz and tried again. Seems like problem is fixed :-) OK, ticket resolved. Steve.

[openssl.org #483] Error code 1

2003-01-29 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 29 09:15:15 2003]: gcc -I.. -I../.. -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c rand_key.c gcc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o des-586.s:

[openssl.org #484] openssl question

2003-01-29 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 29 09:15:30 2003]: Hi Richard, Sorry about asking this of you directly, but I can't seem to get a post onto the openssl mailing list. I was hoping you could answer my question, or perhaps post it to the list for me... This isn't Richard its the bug

[openssl.org #480] Support for local ip address binding for connect BIO's.

2003-01-29 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Tue Jan 28 09:55:45 2003]: Hi, Hereby I'd like to request the support for local (source) ip address binding in bio_conn.c. This should be fairly easy to implement and allows a connection BIO to connect from (bind to) a specific source ip address. This

[openssl.org #480] Support for local ip address binding for connect BIO's.

2003-01-29 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Wed Jan 29 22:18:06 2003]: The function calling bind, BIO_get_accept_socket, accepts argument in form src_ip:port... Another [and more common I believe] alternative is to do all the binding yourself and pass the already bound file descriptor down to BIO. A. Indeed

[openssl.org #486] ocsp.c make_ocsp_response() fix

2003-01-30 Thread Stephen Henson via RT
[levitte - Thu Jan 30 11:21:30 2003]: [[EMAIL PROTECTED] - Thu Jan 30 09:08:11 2003]: The handling of the thisupd and nextupd pointers in make_ocsp_response() is incorrect. The pointers should be the first parameter of x509_gmtime_adj(), rather than the return value. Why do you

[openssl.org #435] ssl proxy, core dump in certificate validation when acting as a client

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 09:28:31 2003]: Hi, Ours is a Proxy Server SSL enabled multithreaded application. We are running on solaris operating system. We are using OpenSSL library [ openssl-0.9.6 ]. We have serverCA and root CA certificate at the Proxy server application.

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: The best you can do at present is to either use the DER option in 0.9.7 if you know the encoding or the new mini-ASN1 compiler of 0.9.8. Neither of which is particularly easy to do. What do you mean the DER option in 0.9.7? Do I

[openssl.org #484] openssl question

2003-01-30 Thread Stephen Henson via RT
[steve - Thu Jan 30 20:44:34 2003]: [[EMAIL PROTECTED] - Thu Jan 30 20:06:27 2003]: What do you mean the DER option in 0.9.7? Do I modify the IP address to DER and put it in the config file? subjectAltName=IP:DER:DER encoding of IPv6 address Is there some examples of doing

[openssl.org #328] DH_compute_key incompatable with PKCS #3

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Thu Nov 14 18:54:19 2002]: RFC 2246 is very vague: 8.1.2. Diffie-Hellman A conventional Diffie-Hellman computation is performed. The negotiated key (Z) is used as the pre_master_secret, and is converted into the master_secret, as specified above.

[openssl.org #484] openssl question

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 07:56:07 2003]: In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said: rt rt Do you have any idea when? 0.9.8 at the earliest. 0.9.8 at the latest :-) I'm currently testing some code that handles IPv6 and

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 21:06:07 2003]: i'm sorry for the delay in response. i've been out of the office during the last couple of weeks. yes, more tests fail than i reported, but we only wanted enough openssl to work with openssh, so once i got what i wanted, i didn't go

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Jan 31 21:36:01 2003]: i'm happy to test anything you want, but crays are more my forte and NEC just my spare time, so i can't provide much programming help myself. I don't have access to anything like that myself so... From that report it looks like the stuff that

[openssl.org #451] SX6 port

2003-01-31 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Sat Feb 1 00:02:48 2003]: $ cd apps $ ./openssl req -x509 -new -nodes -out sscert.pem unable to load 'random state' This means that the random number generator has not been seeded with much random data. Generating a 1024 bit RSA private key

[openssl.org #451] SX6 port

2003-02-03 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Sat Feb 1 00:59:01 2003]: $ ./openssl req -x509 -new -nodes -out sscert.pem -rand /tmp/somefile Generating a 1024 bit RSA private key ++ ..++ writing new private key to 'privkey.pem' - You are about to be asked to

[openssl.org #484] openssl question

2003-02-04 Thread Stephen Henson via RT
[steve - Fri Jan 31 20:40:28 2003]: [[EMAIL PROTECTED] - Fri Jan 31 07:56:07 2003]: In message [EMAIL PROTECTED] on Fri, 31 Jan 2003 04:59:36 +0100 (MET), via RT [EMAIL PROTECTED] said: rt rt Do you have any idea when? 0.9.8 at the earliest. 0.9.8 at the latest :-) I'm

[openssl.org #493] Bug report with patch: openssl 0.9.7 ocsp server sends wrong time strings

2003-02-07 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Feb 7 16:32:51 2003]: Hello. I want to report a bug in the openssl 0.9.7 ocsp server. The self-test report and a proposed patch is included below. This is a known issue. It was fixed a while ago in 0.9.7-stable and will appear in 0.9.7a

[openssl.org #494] 0.9.7 EVP_DecryptInit coredumps if ctx not initialized

2003-02-07 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Feb 7 18:39:43 2003]: Contrary to the documentation EVP_DecryptInit requires the ctx to be initialized in OpenSSL 0.9.7 (RedHat openssl 0.9.7-3 i686) This was fixed a couple of weeks back. The fix is in any 0.9.7 stable snapshot and will appear in 0.9.7.

[openssl.org #492] SSL: server root certs and client auth.

2003-02-07 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Feb 7 14:09:28 2003]: According to RFC 2246 a server can omit the root certificate: [...] certificate_list This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following

[openssl.org #496] BUG: openssl v 0.9.7 openssl ca -gencrls

2003-02-10 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Feb 10 08:28:12 2003]: # openssl ca -gencrl Using configuration from /usr/local/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem:pass entered -BEGIN X509 CRL- snip -END X509 CRL- Segmentation fault # The revocation list

[openssl.org #492] SSL: server root certs and client auth.

2003-02-10 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Feb 10 16:53:48 2003]: Hello Steve, Stephen Henson via RT wrote: [[EMAIL PROTECTED] - Fri Feb 7 14:09:28 2003]: There are a number of problems with it. [...] It really needs replacing with something less horrible. For example it might: 1

[openssl.org #492] SSL: server root certs and client auth.

2003-02-10 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Mon Feb 10 20:02:40 2003]: Hello Steve, OK. I should clarify myself: It is to do it correctly, but not needed to fix the actual problem. However option 4 easy to do and could be argued as being a bug fix. OK. Perhaps something like: build the chain

[openssl.org #492] SSL: server root certs and client auth.

2003-02-12 Thread Stephen Henson via RT
I've committed a fix to address this issue which will appear in the next dev and stable snapshot (i.e. so it will appear in 0.9.7a). Let me know of any problems ASAP. Steve.

[openssl.org #503] -support for new algorithm?

2003-02-14 Thread Stephen Henson via RT
[guest - Fri Feb 14 10:56:47 2003]: need to know how i can include a new encryption algorithm support in openssl? thanks in advance The bug tracker should be used for reporting bugs in OpenSSL. Other queries should be directed to the mailing lists: openssl-users in this case. Steve.

[openssl.org #492] SSL: server root certs and client auth.

2003-02-14 Thread Stephen Henson via RT
[[EMAIL PROTECTED] - Fri Feb 14 23:42:02 2003]: Hello Steve, Stephen Henson via RT wrote: I've committed a fix to address this issue which will appear in the next dev and stable snapshot (i.e. so it will appear in 0.9.7a). Let me know of any problems ASAP. I finally got around

[openssl.org #425] Build error on Windows NT4?

2003-02-23 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Sun Feb 23 22:17:03 2003]: So I've read this thread, and had a look at the code. What do I have to do to fix this error? (exactly) I didn't find out exactly what the OP did to get this error. However you can check that there is a line: #define EXPORT_VAR_AS_FUNCTION

[openssl.org #534] BUG: Buffer overrun after calling X509_gmtime_adj

2003-03-11 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Mar 11 20:37:22 2003]: Hi, The example code that comes with openssl comes with a file 'selfsign.c' which I used to generate a key. I modified the line that calls X509_gmtime_adj to 100 years because I didn't care about key expiry (this is probably the wrong way

[openssl.org #532] Bug in 0.9.7a with OPENSSL_NO_ENGINE

2003-03-11 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Mar 11 14:48:48 2003]: It looks like a bug in OpenSSL 0.9.7a with OPENSSL_NO_ENGINE in crypto/digest.c:EVP_DigestInit_ex:190 Was if (type) { ... else if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT,

[openssl.org #515] 0.9.7a

2003-03-11 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Feb 20 11:16:21 2003]: Hello, try ./config shared no-engine, then compile. Apache 1.3.27/mod_ssl crashes with segmentation fault. if i remove 'no-engine' - all ok, linux 2.4.19/gcc 2.95.3/glibc 2.1.3 I've just committed a fix which may well be the cause of

[openssl.org #522] ocsp http-client bug

2003-03-14 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Feb 28 15:35:44 2003]: Hi, we discovered a problem with the openssl ocsp HTTP client: when doing openssl ocsp -issuer issuer.pem -cert cert.pem -url http://ocspserver/ocsp -port 80 -CAfile ca.pem towards a server that returns as first line HTTP/1.1 200 , and not

[openssl.org #539] bug in openssl 0.9.7 (all OSes), in EVP_??cryptInit

2003-03-18 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Mar 18 19:22:49 2003]: Openssl bugs administrator, I believe I found a bug in EVP_DecryptInit and EVP_EncryptInit. The documentation at: http://www.openssl.org/docs/crypto/EVP_EncryptInit.html says that those two functions and EVP_CipherInit do not need the

[openssl.org #544] bug in check_revocation() (OpenSSL ver. 0.9.7a)?

2003-03-24 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Mon Mar 24 17:09:54 2003]: Hi, There seems to be a bug in check_revocation() (file: x509_vfy.c). Yes, you are right, the logic is the wrong way round. I must've only checked it against paths with two certs in them where it wouldn't show up as an error. I'll check in a

[openssl.org #552] [Fwd: Bug#186490: libssl0.9.7: EVP_{En,De}cryptFinal() don't free ctx parameter]

2003-03-31 Thread Stephen Henson via RT
An application should call EVP_CIPHER_CTX_cleanup() after a cipher context is finished with to free up any allocated memory. Before 0.9.7 not calling this function on a ctx wouldn't leak memory but it would still leave sensitive information around: so calling it was always a good idea.

[openssl.org #552] [Fwd: Bug#186490: libssl0.9.7: EVP_{En,De}cryptFinal() don't free ctx parameter]

2003-04-01 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Apr 1 12:04:10 2003]: On Tue, Apr 01, 2003 at 09:32:33AM +0200, Christoph Martin wrote: So I can safely call EVP_*Init() on the same ctx without freeing inbetween? Why are there *_ex() functions which don't free stuff when the *() functions now don't free stuff

[openssl.org #632] Unable to connect with some servers via SSL (openssl-0.9.7a and 7b)

2003-05-29 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Wed May 28 18:56:15 2003]: Hi, I'm unable to connect via SSL with IBM Apache Web server (MUZO, the card-payment company in the Czech Republic). I'm using Red Hat 9 (openssl-0.9.7a-5) and the connection is closed after sending HTTP request. Red Hat Linux version 8.0

[openssl.org #627] Fw: bug report

2003-05-29 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Sun May 25 12:30:38 2003]: I have been trying to issue certificate containing AIA and CertificatePolicies (only with UserNotice) extensions. I have found the appropriate config file definitions for AIA and CertificatePolicies extensions and managed to issue

[openssl.org #631] Bug report

2003-05-29 Thread Stephen Henson via RT
Patch committed, thanks for the report. Steve.

[openssl.org #356] Bug in CRLF translation in PKCS7_sign

2003-06-03 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Nov 22 10:27:16 2002]: OS: Windows, but I think it is a cross-platform bug. Version: 0.9.6g In the following function which is called from PKCS7_sign, if the source text contains a line of text which is exactly a multiple of MAX_SMLEN-2 characters long and has a

[openssl.org #624] [BUG] SMIME decrypt fails when encrypted file size is 9383 bytes

2003-06-03 Thread Stephen Henson via RT
I've tried this on the latest 0.9.7-stable version and it fails with a base64 decoding error. The cause is that the base64 BIO is rather broken as I discovered when I attempted to run some exhaustive non-blocking I/O tests on it a while ago. Since the changes were quite extensive, it could

[openssl.org #576] wtls certificate

2003-04-12 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Sat Apr 12 21:49:41 2003]: Hi! I am asking you about the possibility of integrating the wtls certificates in the certificate formats supported by the openssl. Could you tell me how I can add this format to be supported? Thank you! I have worked on these things

[openssl.org #644] [PATCH] implementation of crl numbers in openssl-0.9.7b (and cvs branch)

2003-06-13 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Jun 13 22:27:37 2003]: Hello, I've already sent this mail to openssl-dev, and saw a little bit later that a request tracker was set up. So, i forward it to you. Here are 2 tars including diff files to implement CRL numbers in ca's CRL generation. File changed

[openssl.org #647] Bug in X509_load_cert_crl_file()

2003-06-23 Thread Stephen Henson via RT
Which version of OpenSSL are you using? Have you tried the latest stable snapshots? IIRC I fixed that bug a while ago. Steve.

[openssl.org #663] [bug report] Sun Solaris64 PKCS12_parse

2003-07-21 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Mon Jul 21 15:55:36 2003]: OS: solaris64-sparcv9-gcc OpenSSL: 0.9.7 Hello, I'm getting a segmentation fault, when calling PKCS12_parse in the following way: ... X509 *tmpCert; EVP_PKEY *tmpKey; PKCS12* pkcs12; ... if

[openssl.org #663] [bug report] Sun Solaris64 PKCS12_parse

2003-07-22 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Jul 22 12:45:26 2003]: However if you could a stack trace when it crashes, also core file = core -- program ``dspwd'' on platform SUNW,Ultra-1 SIGSEGV: Segmentation Fault $c libc.so.1`realfree+0x70(1001da280, 1001da0f0, 342c636e3d442d50,

[openssl.org #663] [bug report] Sun Solaris64 PKCS12_parse

2003-07-30 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Mon Jul 28 15:31:12 2003]: Hello Dr. Henson, It seems that OpenSSL overwrites allocated memory - maybe memory allocated for 32-Bit and used with 64-Bit? I've found the error. :-) The problem is the following: In file a_mbstr.c in function

[openssl.org #767] Openssl time bugs

2003-11-16 Thread Stephen Henson via RT
On Sat, Nov 15, 2003, David wrote: These bugs all appear to be mostly cosmetic, but they leave me wondering what the latest valid expiration date is and whether the generated certificate is actually valid. The problems are largely based around the behaviour of the system time libraries

[openssl.org #757] Missing ordinal

2003-11-17 Thread Stephen Henson via RT
Between OpenSSL 0.9.6 and 0.9.7 the OpenSSL_add_all_algorithms() function was replaced by a macro. This was needed to get the auto configuration code to work. This has the consequence that any binary linked against an OpenSSL shared library version 0.9.6 will fail with that kind of error if an

[openssl.org #757] Missing ordinal

2003-11-17 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Mon Nov 17 14:49:59 2003]: Lutz Jaenicke via RT [EMAIL PROTECTED] said: Hmm. Between OpenSSL 0.9.6 and 0.9.7, the following change was made (see the corresponding util/libeay.num files): OpenSSL_add_all_algorithms 508 EXIST::FUNCTION: became

[openssl.org #1493] -march=ultrasparc doesn't work on Solaris 9

2007-02-24 Thread Stephen Henson via RT
[guest - Sat Feb 24 04:06:10 2007]: -mcpu was replaced with -march in the 0.9.7 branch only. This change was never made to the 0.9.8 branch (which builds successfully for me). If I switch -march back to -mcpu in the generated Makefile then everything works again. Can you upgrade to

[openssl.org #1493] -march=ultrasparc doesn't work on Solaris 9

2007-02-24 Thread Stephen Henson via RT
-mcpu wasn't deprecated on SPARC. I think it was only deprecated on i386. Seems that some platforms support -mcpu and others -march, ugh. I've reverted the sparc changes to the Configure script. Please try this patch: http://cvs.openssl.org/chngview?cn=15967 or the next snapshot.

[openssl.org #1495] Unable to build openssl-fips-1.1.1 on MacOSX Tiger 10.4.8 Intel

2007-03-01 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Thu Mar 01 18:42:31 2007]: On further examination, this problem appears to be bad compilation of the sha/fips_standalone_sha1 program: Which would indicate either a bad SHA1 implementation or that that programs' calls are getting a translated version of the file. Try

[openssl.org #1497] Issue: PKCS#12 export with empty password produces incorrect encoding of MacData in PFX object

2007-03-02 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Fri Mar 02 09:58:13 2007]: openssl pkcs12 -export -in _.pem -nodes -out _.p12 generates PFX DER data with MacData in which empty password is used incorrectly, violating following quote from Chapter B, section B.2, item 3 of PKCS#12 standard [1]: Note that if

[openssl.org #1336] OpenSSL support for Kerberos

2007-03-09 Thread Stephen Henson via RT
This change causes a number of problems. Not least of which that kerberos ciphersuites no longer work at all on OpenSSL 0.9.8e. In more detail: 1. We should check pms not p for the version info. If the rollback bug flag is to tolerate clients (including OpenSSL before this) which put random

[openssl.org #1504] Padding bug in 0.9.8d (Solaris 9, Sparc)

2007-03-13 Thread Stephen Henson via RT
[EMAIL PROTECTED] - Tue Mar 13 09:12:05 2007]: I'm totally confused by a difference I'm observing between openssl-0.9.8 and openssl-0.9.8d, both compiled on the same solaris box with the same compiler installation (gcc-3.4.4), both passing make test. I'm decrypting a DES-encrypted

[openssl.org #1516] [PATCH] apps/ocsp.c: Fix non-POSIX #include

2007-05-16 Thread Stephen Henson via RT
I've attempted to reuse the header files in s_client.c which have used similar select() functionality for quite a while. If this still doesn't work properly on all systems I'd suggest using something similar to s_client.c, s_server.c or speed.c Let me know of any problems.

[openssl.org #1546] openssl-0.9.8e ans gcc 4.2.0

2007-09-04 Thread Stephen Henson via RT
An alternative technique is mentioned in: http://marc.info/?l=openssl-dev&m=118001266831974&w=2 this doesn't make use of gcc specific features and might be the way to go. It needs to cover a few additional cases though such as safestack, I haven't had time to cover those cases yet. Steve.
